<?php
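/**
 * Serve the "My settings" page for a logged-in user.
 *
 * Dispatches on $_GET["act"]:
 *   - "userdata": returns the settings form as XML (all groups requested).
 *   - "update":   applies one change, chosen by which parameters are present:
 *                 name (ufname/ulname), password (uopass/unpass/urpass) or
 *                 appearance (ustyle/ulang). The first two answer with XML;
 *                 the appearance change falls through and re-renders the page.
 *   - anything else (including "page"): renders the user.htm template.
 *
 * Requests where $data["type"] is unset or below 1 are redirected to the
 * main page instead.
 *
 * Security notes for maintainers:
 *   - Request values are no longer concatenated raw into SQL: numeric values
 *     are cast to int, the style is checked against the keys of $path, and
 *     free-text names are slash-escaped (see the stopgap note at that line).
 *   - Password hashes are compared with === so that two different digests
 *     that both look like numbers (e.g. "0e…") can no longer compare equal.
 *   - Passwords are stored as unsalted MD5 here. That is kept only because the
 *     code that verifies logins is outside this file and must be migrated
 *     together with it (password_hash()/password_verify()).
 *   - Every change, including the password change, is driven by $_GET, so old
 *     and new passwords travel in the URL and can end up in access logs and
 *     browser history. NOTE(review): no request token is checked in this
 *     function; whether "sid" is validated elsewhere is not visible here.
 *     Confirm CSRF handling and move these actions to POST.
 */
function show_page() {
  global $data, $path, $style, $session_id, $header, $language;
  if (isset($data["type"]) && $data["type"] >= 1) { // does the user have enough rights?
    // The id is placed unquoted into SQL below, so force it to an integer.
    $user_id = isset($data["user_id"]) ? (int)$data["user_id"] : 0;

    if (!isset($_GET["act"])) $_GET["act"] = "page";
    switch ($_GET["act"]) {
      case "userdata": // full settings form
        $contents = getUserData(1, 1, 1, 1, "");
        header($header["xml"]);
        break;

      case "update": // change the user's own data
        // First button: first and last name
        if (isset($_GET["ufname"]) && isset($_GET["ulname"])) {
          $_GET["ulname"] = utf8Encode($_GET["ulname"]);
          $_GET["ufname"] = utf8Encode($_GET["ufname"]);
          $new_fname = $_GET["ufname"];
          $new_lname = $_GET["ulname"];
          // is_string() also rejects array-valued parameters such as ufname[]=x.
          if (is_string($new_fname) && is_string($new_lname)
              && $new_fname !== '' && $new_lname !== '') {
            // NOTE(review): addslashes() is a stopgap. It assumes a SQL dialect
            // with backslash escapes and a UTF-8 or single-byte connection
            // charset, and would double-escape on PHP < 5.4 with
            // magic_quotes_gpc enabled. The durable fix is a parameterized
            // query inside insertRecord(), which is defined outside this file.
            $sql_str = "UPDATE user SET user.fname = '".addslashes($new_fname).
              "', user.lname = '".addslashes($new_lname).
              "' WHERE user.user_id = ".$user_id.";";
            insertRecord($sql_str);
            // Reload the profile so the response shows the stored values.
            getData("select * from user where user_id=".$user_id.";", $data);
            $comment = "";
          }
          else {
            $comment = getMessage("EmptyName");
          }
          $contents = getUserData(1, 0, 0, 0, $comment);
          header($header["xml"]);
          break;
        }

        // Second button: password change
        if (isset($_GET["unpass"]) && isset($_GET["uopass"]) && isset($_GET["urpass"])) {
          $_GET["unpass"] = utf8Encode($_GET["unpass"]);
          $_GET["uopass"] = utf8Encode($_GET["uopass"]);
          $_GET["urpass"] = utf8Encode($_GET["urpass"]);
          $new_pass = $_GET["unpass"];
          $old_pass = $_GET["uopass"];
          $rep_pass = $_GET["urpass"];
          if (is_string($old_pass) && is_string($new_pass) && is_string($rep_pass)
              && $old_pass !== '' && $new_pass !== '' && $rep_pass !== '') {
            getData("select pwd from user where user_id=".$user_id.";", $user_pwd);
            // Strict comparison: with == two numeric-looking hex digests
            // would be compared as numbers. hash_equals() is the better choice
            // where the runtime is PHP >= 5.6.
            if (isset($user_pwd["pwd"]) && (string)$user_pwd["pwd"] === md5($old_pass)) {
              if ($new_pass === $rep_pass) {
                // md5() returns hex digits only, so it is safe to embed as is.
                $sql_str = "UPDATE user SET user.pwd = '".md5($new_pass).
                  "' WHERE user.user_id=".$user_id.";";
                insertRecord($sql_str);
                $comment = "";
              }
              else $comment = getMessage("NewRePWD");
            }
            else $comment = getMessage("CheckPWD");
          }
          else $comment = getMessage("ForNewPWD");
          $contents = getUserData(0, 1, 0, 0, $comment);
          header($header["xml"]);
          break;
        }

        // Style and language
        if (isset($_GET["ustyle"]) && isset($_GET["ulang"])) {
          $_GET["ustyle"] = utf8Encode($_GET["ustyle"]);
          $_GET["ulang"] = utf8Encode($_GET["ulang"]);
          $new_style = $_GET["ustyle"];
          $new_lang = $_GET["ulang"];
          // The style is later used as a key into $path to build template
          // paths, so accept only a style that exists there. The language id
          // goes unquoted into SQL, so accept decimal digits only.
          if (is_string($new_style) && isset($path[$new_style])
              && is_string($new_lang) && preg_match('/^[0-9]+$/D', $new_lang)) {
            $sql_str = "UPDATE user SET user.style = '".addslashes($new_style).
              "', user.lang = ".(int)$new_lang.
              " WHERE user.user_id = ".$user_id.";";
            insertRecord($sql_str);
            getData("select * from user where user_id=".$user_id.";", $data);
            $language["interface"] = $data["lang"];
            $style = $data["style"];
          }
        }
        // No break: an appearance change (or an "update" without recognised
        // parameters) intentionally falls through and re-renders the page.

      default: // including "page"
        $filename = $path[$style]["tpl"]."/user.htm";
        $contents = file_get_contents($filename);
        if ($contents === false) $contents = ""; // unreadable template: send an empty body

        // Placeholders are substituted in the listed order.
        $placeholders = array(
          "%ROOT_CSS%"  => $path[$style]["css"],
          "%ROOT_IMG%"  => $path[$style]["img"],
          "%ROOT_JAVA%" => $path[$style]["java"],
          "%SID%"       => $session_id,
          "%TRG%"       => "user",
          "%LOGOUT%"    => getMessage("Logout"),
          "%MAINMENU%"  => getMessage("Main menu"),
          "%ADMIN%"     => getMessage("My settings"),
          "%LOAD%"      => getMessage("Loading"),
          "%UNAVAIL%"   => getMessage("Unavailable")
        );
        foreach ($placeholders as $marker => $replacement) {
          $contents = str_replace($marker, $replacement, $contents);
        }
        header($header["html"]);
        break;
    }
    // Forbid caching of the response.
    header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");              // date in the past
    header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT"); // always modified
    header("Cache-Control: no-cache, must-revalidate");            // HTTP/1.1
    header("Pragma: no-cache");                                    // HTTP/1.0
    print($contents);
  }
  else { // insufficient rights
    // NOTE(review): the function returns after setting this header; confirm
    // the caller sends no further output for a rejected request.
    header("Location: index.php?trg=main&sid=".$session_id);
  }
}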

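/**
 * Escape the five XML-significant characters in a value.
 *
 * Done with a byte-level str_replace() so the result does not depend on the
 * string being valid in any particular multi-byte encoding. "&" is replaced
 * first so the ampersands of the other entities are not escaped again.
 */
function userDataXmlEscape($value) {
  return str_replace(
    array("&", "<", ">", "\"", "'"),
    array("&amp;", "&lt;", "&gt;", "&quot;", "&#039;"),
    (string)$value
  );
}

/**
 * Fill one node template.
 *
 * $opt_block is the option sub-template as it appears inside $node_tpl; it is
 * replaced by $opts (empty for nodes without options). %VALUE% is left
 * untouched when $value is null, as the option nodes do not set it.
 */
function userDataNode($node_tpl, $opt_block, $opts, $type, $node_id, $title, $value = null) {
  $node = str_replace($opt_block, $opts, $node_tpl);
  $node = str_replace("%TYPE%", $type, $node);
  $node = str_replace("%NODE_ID%", $node_id, $node);
  $node = str_replace("%NODE_TL%", $title, $node);
  if ($value !== null) $node = str_replace("%VALUE%", $value, $node);
  return $node;
}

/**
 * Build the settings form as XML from the userdata.xml template.
 *
 * The template holds a group block between %REPEAT% markers, a node block
 * between %REPDAT% markers inside it, and an option block between %REPOPT%
 * markers inside the node block. Each requested group is a copy of the group
 * block with its nodes filled in.
 *
 * @param mixed  $showdata     truthy: include the name group (id 0)
 * @param mixed  $showpassword truthy: include the password group (id 2)
 * @param mixed  $showinfo     truthy: include the read-only information group (id 1)
 * @param mixed  $showstyle    truthy: include the appearance group (id 3)
 * @param string $comment      message shown in the name/password groups; a
 *                             non-empty value is labelled "Error:"
 * @return string the template with the group block replaced by the groups
 *
 * Behaviour fixes compared with the previous version:
 *   - The appearance group used to be gated on $showinfo and written into the
 *     information group's variable, so $showstyle was ignored and the
 *     information group never reached the output. It is now gated on
 *     $showstyle and emitted as its own group.
 *   - First name, last name and login are XML-escaped before substitution;
 *     the names are user-editable, so markup characters in them could
 *     otherwise alter the document. NOTE(review): assumes %VALUE% is not
 *     wrapped in CDATA in userdata.xml. Confirm against the template.
 */
function getUserData($showdata, $showpassword, $showinfo, $showstyle, $comment) {
  global $path, $style, $session_id, $data, $language;
  $filename = $path[$style]["tpl"]."/userdata.xml";
  $contents = file_get_contents($filename);
  if ($contents === false) return ""; // unreadable template: nothing to render

  // Without a group block there is nothing to substitute.
  if (!preg_match("/\%REPEAT\%(.*?)\%REPEAT\%/s", $contents, $matches)) return $contents;
  // Missing inner blocks degrade to empty templates instead of undefined offsets.
  if (!preg_match("/\%REPDAT\%(.*?)\%REPDAT\%/s", $matches[1], $datmatches)) $datmatches = array("", "");
  if (!preg_match("/\%REPOPT\%(.*?)\%REPOPT\%/s", $datmatches[1], $optmatches)) $optmatches = array("", "");

  $group_tpl = $matches[1];     // one group, still containing the node block
  $node_block = $datmatches[0]; // node block including its markers
  $node_tpl = $datmatches[1];   // node block without markers
  $opt_block = $optmatches[0];  // option block including its markers
  $opt_tpl = $optmatches[1];    // option block without markers

  if ($comment == '') $er = '';
  else $er = 'Error:';

  // Group 0: editable name
  $udata = "";
  if ($showdata) {
    $fname_val = userDataXmlEscape(isset($data["fname"]) ? $data["fname"] : "");
    $lname_val = userDataXmlEscape(isset($data["lname"]) ? $data["lname"] : "");
    $nodes = userDataNode($node_tpl, $opt_block, "", "Text", "ufname", getMessage("First name"), $fname_val)
      .userDataNode($node_tpl, $opt_block, "", "Text", "ulname", getMessage("Last name"), $lname_val)
      .userDataNode($node_tpl, $opt_block, "", "Button", "ubutn", getMessage("Save"), "'0','ufname','ulname'")
      .userDataNode($node_tpl, $opt_block, "", "Label", "", $er, $comment);
    $udata = str_replace($node_block, $nodes, $group_tpl);
    $udata = str_replace("%GROUP_ID%", "0", $udata);
    $udata = str_replace("%GROUP_TL%", getMessage("User data"), $udata);
  }

  // Group 1: read-only account information
  $usdata = '';
  if ($showinfo) {
    $login_val = userDataXmlEscape(isset($data["login"]) ? $data["login"] : "");
    $nodes = userDataNode($node_tpl, $opt_block, "", "Label", "", getMessage("Login"), $login_val)
      .userDataNode($node_tpl, $opt_block, "", "Label", "", getMessage("Type"), getMessage("RegUser"));
    $usdata = str_replace($node_block, $nodes, $group_tpl);
    $usdata = str_replace("%GROUP_ID%", "1", $usdata);
    $usdata = str_replace("%GROUP_TL%", getMessage("Information"), $usdata);
  }

  // Group 2: password change. The fields are always sent back empty.
  $updata = "";
  if ($showpassword) {
    $nodes = userDataNode($node_tpl, $opt_block, "", "Password", "uopass", getMessage("Password"), "")
      .userDataNode($node_tpl, $opt_block, "", "Password", "unpass", getMessage("ChangePass"), "")
      .userDataNode($node_tpl, $opt_block, "", "Password", "urpass", getMessage("RepeatPass"), "")
      .userDataNode($node_tpl, $opt_block, "", "Button", "passbutn", getMessage("Save"), "'2','uopass','unpass','urpass'")
      .userDataNode($node_tpl, $opt_block, "", "Label", "", $er, $comment);
    $updata = str_replace($node_block, $nodes, $group_tpl);
    $updata = str_replace("%GROUP_ID%", "2", $updata);
    $updata = str_replace("%GROUP_TL%", getMessage("Password"), $updata);
  }

  // Group 3: appearance (style and interface language)
  $uldata = '';
  if ($showstyle) {
    // One option per configured style; the keys of $path are the style names.
    $opts = "";
    foreach ($path as $key => $value) {
      $opt = str_replace("%OPT_ID%", $key, $opt_tpl);
      $opt = str_replace("%OPT_TL%", $key, $opt);
      if ($data["style"] == $key) $opt = str_replace("%SELECTED%", "selected", $opt);
      else $opt = str_replace("%SELECTED%", "0", $opt);
      $opts .= $opt;
    }
    $style_node = userDataNode($node_tpl, $opt_block, $opts, "Option", "ustyle", getMessage("Style"));

    // One option per row of the language table.
    $max_i = getMultData("select * from language;", $langdata);
    $opts = "";
    for ($i = 0; $i < $max_i; $i++) {
      $opt = str_replace("%OPT_ID%", $langdata[$i]["language_id"], $opt_tpl);
      $opt = str_replace("%OPT_TL%", $langdata[$i]["name"], $opt);
      if ($data["lang"] == $langdata[$i]["language_id"]) $opt = str_replace("%SELECTED%", "selected", $opt);
      else $opt = str_replace("%SELECTED%", "0", $opt);
      $opts .= $opt;
    }
    $lang_node = userDataNode($node_tpl, $opt_block, $opts, "Option", "ulang", getMessage("Language"));

    $save_node = userDataNode($node_tpl, $opt_block, "", "Button", "passbutn", getMessage("Save"), "'reload','ustyle','ulang'");

    $uldata = str_replace($node_block, $style_node.$lang_node.$save_node, $group_tpl);
    $uldata = str_replace("%GROUP_ID%", "3", $uldata);
    $uldata = str_replace("%GROUP_TL%", getMessage("Appearance"), $uldata);
  }

  return str_replace($matches[0], $udata.$usdata.$uldata.$updata, $contents);
}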
?>